How to secure your intra-network from external attacks when connected to Internet - Web based configuration of PfSense

Now open your web browser and go to the IP address of the LAN port of PfSense. In our example it is http://192.168.2.1

 

Enable Secure Shell (SSH) so that the firewall can be configured by logging in to the machine remotely from a Linux shell.

We need to install packages on to the base system to get the desired functionality.

The list of available packages is long. We will install the Squid and Squidguard packages.

Squid is a proxy server. Select Squid in the list of available packages and click the add package icon on the right.

 

The package installation would require Internet. The required package file would be downloaded by PfSense.

Once the files are downloaded, the system would install the package.

Similarly Squidguard has to be installed. Squidguard would give us the capability to filter traffic based on its URL.

Go to General parameters and set the Primary DNS Server to 4.2.2.2

 

There is an option to configure the LAN and WAN interfaces, if required, using the Web Configuration.

Select Services and then Proxy Server to configure the Squid proxy. Select the proxy interface as LAN. Click on allow users on the interface.

Enter the log directory as /var/squid/logs. This will be required by the report generation package which we will install later. Select a proxy port. This port and the LAN IP of the PfSense will have to be entered into all the machines to route their traffic to PfSense.

To configure Squidguard, go to Services and select Squidguard. By default it is disabled. We have to click enable to start the Squidguard service.

Select Blacklist. This would be required for enabling URL filtering.

To check whether the Squid and Squidguard services have started, go to Status and then to Services.

You would notice that the Squidguard service has not started. To start Squidguard a system reboot would be required. Reboot the machine using the Diagnostics.

Go to Status and then to Services. Check the status and verify all the services are running.

Click play to start Squid and then Squidguard.

For URL filtering we need to supply a blacklist to the PfSense. This list contains various groups which we can block as per our requirement.

We will be using a free blacklist from http://www.shallalist.de/Downloads/shallalist.tar.gz

Download and install it. This takes considerable time, so be patient.

 

 

 

Now to achieve the desired URL filtering go to Common ACL in Squidguard.

Expand the Target Rules List. By default it is deny all. Change it to allow all. We intend to block only traffic to certain groups, such as porn sites, while allowing all other traffic. If we did it the other way around, i.e. denying all by default and allowing only traffic to specific groups, we would end up spending a lot of time just configuring rules.

Here I have shown a deny porn and allow all configuration. Similarly, all groups which you want blocked can be set to deny.

Notice that the Target Rules read !blk_BL_porn all. This means that when traffic arrives, the firewall checks whether the URL matches one of the porn sites. If it does, the request is blocked. If it does not, the request is allowed.

Select do not allow IP address in URL. If this is not checked, a user can open a site by supplying its IP address in the URL. So even if you have blocked porn sites, a user who enters http://206.161.206.131 can still access www.sexocean.com, thereby defeating the URL filtering.
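The rule evaluation and the IP-address option described above, modelled as an added example (this is not code from PfSense or Squidguard): a simplified first-match evaluator for the rule string "!blk_BL_porn all" combined with the IP-in-URL check. The category contents, host names and function names are constructed for illustration, and denying a request when no rule matches is an assumption of this model.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample category data; the real lists come from the downloaded blacklist.
CATEGORIES = {"blk_BL_porn": {"adult-example.test"}}


def is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def in_category(host, domains):
    """Domain-list match: the host itself or any parent domain is listed."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def evaluate(url, rules, deny_ip_urls=True):
    """Return 'allow' or 'deny' for url under a rule string such as '!blk_BL_porn all'."""
    host = (urlsplit(url).hostname or "").lower()
    # Models the "do not allow IP address in URL" option: a domain-based
    # blacklist cannot recognise a site that is requested by its address.
    if deny_ip_urls and is_ip_literal(host):
        return "deny"
    # Rules are read left to right and the first one that matches decides.
    for token in rules.split():
        negate, name = token.startswith("!"), token.lstrip("!")
        if name == "all":
            return "deny" if negate else "allow"
        if name == "none":
            return "deny"
        if in_category(host, CATEGORIES.get(name, set())):
            return "deny" if negate else "allow"
    return "deny"  # assumption of this model: nothing matched, so deny


if __name__ == "__main__":
    rules = "!blk_BL_porn all"
    for url in ("http://www.adult-example.test/x", "http://example.org/",
                "http://192.0.2.10/"):
        print(url, evaluate(url, rules), evaluate(url, rules, deny_ip_urls=False))
```

With the option off, the last URL is allowed even if 192.0.2.10 hosts a blacklisted site, which is the gap the checkbox closes.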

To keep an account of usage in terms of data downloaded, sites accessed etc., we need to identify a particular user. This is only possible if the user supplies some credentials to access the proxy server. Go to Auth Settings and select the local authentication method.

 

For the local authentication method, we need to create users.

Now, to generate a report of the network usage, we will install a package called Lightsquid.

To check the report, go to Status and then to Proxy reports.

Configure the settings. Select the language and reporting scheme as English and Demo respectively.

Lightsquid needs to capture some data before it can generate a report; otherwise it will report an error.

The changes required on the user PC are shown using the Mozilla Firefox web browser. Similar settings are required in Chrome or Internet Explorer.
